Hello Sophos community,
Currently I have one issue with a site-to-site VPN from my Sophos SG450. The IPsec tunnel stays up and is very stable, but traffic inside the tunnel is dropping. I already requested help from Sophos to take a TCP dump on both firewalls (mine and the peer's), and after they compared the TCP dumps they say there is a 5 second delay when I receive the ping reply. Now I am trying to capture an espdump to see if I can see something inside the tunnel and find a root cause for this. I followed the guide posted by Sophos on how to decrypt ESP packets in Wireshark, but what I found is that when I open the pcap file in Wireshark the SPIs are different from the SPIs I found in the pcap.sa file (according to the guide the SPIs must be the same).
Also, the ESPdump was done in a meeting with one Sophos engineer.
Can somebody help me understand why I cannot decrypt that espdump?
Thank you!